8x48/homepage
1
0
Fork 0
mirror of https://github.com/gethomepage/homepage.git synced 2026-01-11 11:32:09 +08:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Enhancement: Add support for Pyload 0.5.0 CSRF-protected API (#6142)

Browse Source
This commit is contained in:
shamoon
2025-12-30 19:18:56 -08:00
committed by GitHub
parent f7ad322d4c
commit 682e0cbc82
2 changed files with 59 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
src/widgets/pyload/proxy.js
View File

@@ -11,6 +11,15 @@ const logger = createLogger(proxyName);
const sessionCacheKey = `${proxyName}__sessionId`; const sessionCacheKey = `${proxyName}__sessionId`;
const isNgCacheKey = `${proxyName}__isNg`; const isNgCacheKey = `${proxyName}__isNg`;
function parsePyloadResponse(url, data) {
try {
return JSON.parse(Buffer.from(data).toString());
} catch (e) {
logger.error(`Error communicating with pyload API at ${url}, returned: ${JSON.stringify(data)}`);
return data;
}
}
async function fetchFromPyloadAPI(url, sessionId, params, service) { async function fetchFromPyloadAPI(url, sessionId, params, service) {
const options = { const options = {
body: params body: params
@@ -33,13 +42,33 @@ async function fetchFromPyloadAPI(url, sessionId, params, service) {
// eslint-disable-next-line no-unused-vars // eslint-disable-next-line no-unused-vars
const [status, contentType, data, responseHeaders] = await httpProxy(url, options); const [status, contentType, data, responseHeaders] = await httpProxy(url, options);
let returnData; const returnData = parsePyloadResponse(url, data);
try { return [status, returnData, responseHeaders];
returnData = JSON.parse(Buffer.from(data).toString()); }
} catch (e) {
logger.error(`Error communicating with pyload API at ${url}, returned: ${JSON.stringify(data)}`); async function fetchFromPyloadAPIBasic(url, params, username, password) {
returnData = data; const parsedUrl = new URL(url);
const isGetRequest = !params || Object.keys(params).length === 0;
const options = {
method: isGetRequest ? "GET" : "POST",
headers: {
Authorization: `Basic ${Buffer.from(`${username}:${password}`).toString("base64")}`,
},
};
if (isGetRequest) {
if (params) {
Object.keys(params).forEach((key) => parsedUrl.searchParams.append(key, params[key]));
}
} else {
options.headers["Content-Type"] = "application/json";
options.body = JSON.stringify(params);
} }
// eslint-disable-next-line no-unused-vars
const [status, contentType, data, responseHeaders] = await httpProxy(parsedUrl, options);
const returnData = parsePyloadResponse(parsedUrl, data);
return [status, returnData, responseHeaders]; return [status, returnData, responseHeaders];
} }
@@ -66,24 +95,43 @@ async function login(loginUrl, service, username, password = "") {
return sessionId; return sessionId;
} }
export default async function pyloadProxyHandler(req, res) { export default async function pyloadProxyHandler(req, res, map = {}) {
const { group, service, endpoint, index } = req.query; const { group, service, endpoint, index } = req.query;
const { ngEndpoint } = map;
try { try {
if (group && service) { if (group && service) {
const widget = await getServiceWidget(group, service, index); const widget = await getServiceWidget(group, service, index);
if (widget) { if (widget) {
const url = new URL(formatApiCall(widgets[widget.type].api, { endpoint, ...widget })); const apiTemplate = widgets[widget.type].api;
const url = new URL(formatApiCall(apiTemplate, { endpoint, ...widget }));
const ngUrl = ngEndpoint ? new URL(formatApiCall(apiTemplate, { endpoint: ngEndpoint, ...widget })) : url;
const loginUrl = `${widget.url}/api/login`; const loginUrl = `${widget.url}/api/login`;
const hasCredentials = widget.username && widget.password;
if (hasCredentials) {
const [status, data] = await fetchFromPyloadAPIBasic(ngUrl, null, widget.username, widget.password);
if (status === 200 && !data?.error) {
cache.put(`${isNgCacheKey}.${service}`, true);
return res.json(data);
}
if (status === 401) {
return res
.status(status)
.send({ error: { message: "Invalid credentials communicating with Pyload API", data } });
}
}
let sessionId = let sessionId =
cache.get(`${sessionCacheKey}.${service}`) ?? cache.get(`${sessionCacheKey}.${service}`) ??
(await login(loginUrl, service, widget.username, widget.password)); (await login(loginUrl, service, widget.username, widget.password));
let [status, data] = await fetchFromPyloadAPI(url, sessionId, null, service); let [status, data] = await fetchFromPyloadAPI(url, sessionId, null, service);
if (status === 403 || status === 401) { if (status === 403 || status === 401 || (status === 400 && data?.error?.includes("CSRF token"))) {
logger.info("Failed to retrieve data from Pyload API, trying to login again..."); logger.info("Failed to retrieve data from Pyload API with session auth, trying to login again...");
cache.del(`${sessionCacheKey}.${service}`); cache.del(`${sessionCacheKey}.${service}`);
sessionId = await login(loginUrl, service, widget.username, widget.password); sessionId = await login(loginUrl, service, widget.username, widget.password);
[status, data] = await fetchFromPyloadAPI(url, sessionId, null, service); [status, data] = await fetchFromPyloadAPI(url, sessionId, null, service);

1
src/widgets/pyload/widget.js
View File

@@ -7,6 +7,7 @@ const widget = {
mappings: { mappings: {
status: { status: {
endpoint: "statusServer", endpoint: "statusServer",
map: { ngEndpoint: "status_server" },
}, },
}, },
}; };